Allan Hansen wrote: > >I just upgraded my system from Mailman 2.1.5 to 2.1.9. After this change I am >no longer >able to use the 'Change globally' options when helping my subscribers change >their >subscription addresses or such.
This was changed because it was considered a security issue to allow the owner of one list to change settings for a user on another list. A malicious owner could even mass subscribe a member of some other list and change that user's settings on the other list. >I have used mmsitepass to set a site administrator password (to be sure that >that is the password I'm using). The site admin can still make global user changes, but in order for this to work you have to set ALLOW_SITE_ADMIN_COOKIES = Yes in mm_cfg.py. This is because in the absence of this setting, when you authenticate to a list with the site password, you get a list admin cookie, not a site admin cookie. See the comments above this setting in Defaults.py for why the default is No. -- Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
